Skip to content

According to RFC7230:3.2.4,whitespace in repsonse header fieldname should be removed,not just return parse error #6793

New issue
New issue
Closed
#6794
Closed
According to RFC7230:3.2.4,whitespace in repsonse header fieldname should be removed,not just return parse error#6793
#6794
Labels
HTTP
Milestone
9.1.0
@garfieldonly

Description

@garfieldonly
garfieldonly
opened on May 15, 2020

In the commit below
08512de

we treat it as parse error while we found white space between field name and colon.
It's right when we found ws in request.
However,we should remove white space when we found it in response.

No whitespace is allowed between the header field-name and colon. In the past, differences in the handling of such whitespace have led to security vulnerabilities in request routing and response handling. A server MUST reject any received request message that contains whitespace between a header field-name and colon with a response code of 400 (Bad Request). A proxy MUST remove any such whitespace from a response message before forwarding the message downstream.

@oknet @bryancall

Metadata

Metadata

Assignees

No one assigned

    Labels

    HTTP

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions